Exposed Heap Dump Endpoint in TeleMessage Service from TeleMessage
CVE-2025-48927
Key Information:
- Vendor: Telemessage
- CVE Published: 28 May 2025
What is CVE-2025-48927?
CVE-2025-48927 is a significant vulnerability affecting the TeleMessage service, which utilizes the Spring Boot framework to provide messaging solutions. This vulnerability arises from an exposed heap dump endpoint located at the /heapdump URI, which is configured by default and can be accessed if not properly secured. The heap dump feature allows for the analysis of the memory content of the application, which can inadvertently provide attackers with sensitive information about the running application and its data.
This vulnerability can negatively impact organizations by enabling unauthorized access to critical application data, exposing them to potential data breaches or exploitation. Since heap dumps can contain sensitive information, including credentials or application logic, attackers can leverage this data to enhance their attacks, potentially leading to further compromise of the affected systems.
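One way to look for requests to this endpoint in web access logs, as an added example that is not part of the original page or any vendor tooling. It assumes common/combined log format; the `/actuator/heapdump` path (the Spring Boot 2+ default location) is an assumption added beside the `/heapdump` URI named here, and the sample lines are constructed.

```python
import re

# /heapdump is the URI named on this page; /actuator/heapdump is the
# Spring Boot 2+ default location (assumption added for this example).
HEAPDUMP_PATHS = {"/heapdump", "/actuator/heapdump"}

# Common/combined access log format (assumed; adapt to your proxy or server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def classify(line):
    """Return None for unrelated lines, else a finding dict."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop query string and trailing slash; lower-case so case variants are flagged too.
    path = m["target"].split("?", 1)[0].rstrip("/").lower()
    if path not in HEAPDUMP_PATHS:
        return None
    status = int(m["status"])
    size = 0 if m["size"] == "-" else int(m["size"])
    if m["method"] == "GET" and 200 <= status < 300:
        verdict = "served"    # dump was returned: treat secrets in memory as disclosed
    elif status in (401, 403):
        verdict = "blocked"   # endpoint exists but access control answered
    else:
        verdict = "probe"     # request for the endpoint that returned no dump
    return {"ip": m["ip"], "time": m["ts"], "path": path,
            "status": status, "bytes": size, "verdict": verdict}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [10/Jul/2025:08:14:02 +0000] "GET /heapdump HTTP/1.1" 200 157286400',
    '198.51.100.7 - - [10/Jul/2025:08:14:09 +0000] "GET /login HTTP/1.1" 200 5120',
    '203.0.113.44 - - [10/Jul/2025:09:01:37 +0000] "GET /actuator/heapdump HTTP/1.1" 404 153',
    '203.0.113.9 - - [10/Jul/2025:09:30:11 +0000] "HEAD /heapdump/ HTTP/1.1" 401 -',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["verdict"].upper(), f["ip"], f["path"], f["status"], f["bytes"])
```

A "served" finding is the one that warrants rotating any credentials or keys the application held in memory at that time.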
Potential impact of CVE-2025-48927
- Data Exposure: Attackers gaining access to heap dumps may retrieve sensitive information such as user credentials, API keys, or confidential application data, leading to data breaches and loss of customer trust.
- Increased Attack Surface: The presence of an exposed heap dump endpoint broadens the attack surface, allowing cybercriminals to exploit other vulnerabilities within the application or infrastructure, which could lead to full system compromise.
- Reputation Damage: Organizations impacted by this vulnerability may face severe reputational damage due to the potential for data breaches and the perceived inability to protect sensitive information, affecting customer confidence and business operations.
CISA has reported CVE-2025-48927
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-48927 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
service 0 <= 2025-05-05
News Articles
Attackers Target Legacy Code in TeleMessage's Signal Clone
Attackers are actively attempting to exploit a vulnerability that exists in older versions of the Signal message app clone TeleMessage TM SGNL, built by Smarsh to
4 days ago

Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts
A vulnerability disclosed in May 2025, CVE-2025-48927, affects certain deployments of TeleMessageTM SGNL. If exposed, this endpoint can return a full snapshot of heap memory which may include plaintext usernames, passwords, and other sensitive data.
4 days ago
Hackers Exploit Unpatched TeleMessage Vulnerability
1 week ago
EPSS Score
14% chance of being exploited in the next 30 days.
Timeline
- 📈 Vulnerability started trending
- 📰 First article discovered by SecurityWeek
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- Vulnerability Reserved